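/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#include <stdbool.h>
#include <stdint.h>

#include "tls/extensions/s2n_ems.h"
#include "tls/s2n_tls.h"
#include "utils/s2n_safety.h"

static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
static bool s2n_client_ems_should_send(struct s2n_connection *conn);

/**
 *= https://www.rfc-editor.org/rfc/rfc7627#section-5.1
 *#
 *# This document defines a new TLS extension, "extended_master_secret"
 *# (with extension type 0x0017), which is used to signal both client and
 *# server to use the extended master secret computation. The
 *# "extension_data" field of this extension is empty. Thus, the entire
 *# encoding of the extension is 00 17 00 00 (in hexadecimal.)
 **/
const s2n_extension_type s2n_client_ems_extension = {
    .iana_value = TLS_EXTENSION_EMS,
    .is_response = false,
    /* The extension carries no extension_data, so sending is a no-op. */
    .send = s2n_extension_send_noop,
    .recv = s2n_client_ems_recv,
    .should_send = s2n_client_ems_should_send,
    .if_missing = s2n_extension_noop_if_missing,
};

/**
 * Process a received client "extended_master_secret" extension.
 *
 * @param conn       Connection on which the extension arrived; its
 *                   `ems_negotiated` flag is set to true on success.
 * @param extension  Stuffer positioned at the extension's extension_data.
 * @return S2N_SUCCESS on success. Fails via POSIX_ENSURE_REF if either
 *         pointer is NULL, and via POSIX_ENSURE with
 *         S2N_ERR_UNSUPPORTED_EXTENSION if the extension carries any payload.
 */
static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
{
    POSIX_ENSURE_REF(conn);
    /* `extension` is dereferenced by s2n_stuffer_data_available() below, so it
     * gets the same NULL check as `conn` instead of relying on the caller. */
    POSIX_ENSURE_REF(extension);

    /* Read nothing. The extension just needs to exist without data.
     * RFC 7627 defines extension_data as empty, so a non-empty body is treated
     * as malformed and rejected rather than silently skipped over. */
    POSIX_ENSURE(s2n_stuffer_data_available(extension) == 0, S2N_ERR_UNSUPPORTED_EXTENSION);
    conn->ems_negotiated = true;

    return S2N_SUCCESS;
}

/**
 *= https://www.rfc-editor.org/rfc/rfc7627#section-5.3
 *= type=exception
 *# When offering an abbreviated handshake, the client MUST send the
 *# "extended_master_secret" extension in its ClientHello.
 *
 * We added an exception here in order to prevent a drop in
 * session resumption rates during deployment. Eventually clients
 * will be forced to do a full handshake as sessions expire and pick up EMS at that point.
 *
 * @param conn  Connection being negotiated; may be NULL.
 * @return false only when resuming a session (`conn->set_session`) that did
 *         not negotiate EMS; true otherwise, including for a NULL conn.
 */
static bool s2n_client_ems_should_send(struct s2n_connection *conn)
{
    /* Don't send this extension if the previous session did not negotiate EMS */
    if (conn && conn->set_session && !conn->ems_negotiated) {
        return false;
    }
    return true;
}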